A method of enhancing security in object based datastores is provided. The method mounts first and second datastores identified, respectively, by first and second datastore identifiers. The first and second datastores include, respectively, first and second namespace objects that are mapped to first and second subfolders in the first and second datastores. A first file within the first subfolder references a first object via a first object identifier, while a second file within the second subfolder references a second object via a second object identifier. The first and second objects are tagged with the first and second datastores' identifiers. The first and second datastores share an underlying storage and may be configured to have separate access permissions. The method receives a command to access the first object via a datastore identifier, compares the datastore identifier with the first datastore identifier, and if they match, allows access to the first object.

A method of enhancing security in object based datastores is provided. The method mounts first and second datastores identified, respectively, by first and second datastore identifiers. The first and second datastores include, respectively, first and second namespace objects that are mapped to first and second subfolders in the first and second datastores. A first file within the first subfolder references a first object via a first object identifier, while a second file within the second subfolder references a second object via a second object identifier. The first and second objects are tagged with the first and second datastores' identifiers. The first and second datastores share an underlying storage and may be configured to have separate access permissions. The method receives a command to access the first object via a datastore identifier, compares the datastore identifier with the first datastore identifier, and if they match, allows access to the first object.

A virtual machine that includes a plurality of processes executes on a computer processor. A record-replay file, trace annotations, and an application program interface request are received into the computer processor. The trace annotations and application program interface request are translated into record-replay commands. The record-replay commands capture data from the record-replay file, and the captured data can be accessed via a programmatic interface.

Techniques are provided for enforcing policies at a sub-logical unit number (LUN) granularity, such as at a virtual disk or virtual machine granularity. A block range of a virtual disk of a virtual machine stored within a LUN is identified. A quality of service policy object is assigned to the block range to create a quality of service workload object. A target block range targeted by an operation is identified. A quality of service policy of the quality of service policy object is enforced upon the operation using the quality of service workload object based upon the target block range being within the block range of the virtual disk.

One example technique includes receiving a request for accessing a file from a container process. In response to receiving the request, the technique includes querying a mapping table corresponding to the container process to locate an entry corresponding to a file identifier of the requested file. The entry also includes data identifying a file location on the storage device from which the requested file is accessible. The technique further includes retrieving a copy of the requested file according to the file location identified by the data in the located entry in the mapping table and providing the retrieved copy of the requested file to the container process, thereby allowing the container process to access the requested file.

Techniques are described for sharing prepopulated container image caches among container execution environments to improve the performance of container launches. The container images used to prepopulate such a cache at a computing device supporting one or more container execution environments can include various container images that are used as the basis for a wide range of user-created containers such as, for example, container images representing popular operating system distributions, database servers, web-application frameworks, and so forth. Existing systems typically obtain these container images as needed at runtime when launching containers (for example, from a container registry or other external source), often incurring significant overhead in the container launch process. The use of a prepopulated container image cache can significantly improve the performance of container launches by making such commonly used container images available to container execution environments running at a computing device ahead of time.

Techniques for tuning a machine learning algorithm using automatically determined optimal hyperparameters are described. An exemplary method includes receiving a request to determine a search space for at least one hyperparameter of a machine learning algorithm; determining, according to the request, optimal hyperparameter values from the search space for at least the one hyperparameter of the machine learning algorithm based on an evaluation of hyperparameters from the same machine learning algorithm on different datasets; and tuning the machine learning algorithm using the determined optimal hyperparameter values for the at least one hyperparameter of the machine learning algorithm to generate a machine learning model.

Techniques for feature engineering pipeline generation for machine learning using decoupled dataset analysis and interpretation are described. A feature engineering engine obtains a dataset and utilizes a number of analyzers to generate data facts associated with the columnar values of the dataset. The data facts are consolidated together as a set of data statements that are used by multiple interpretation engines that implement different strategies for treating the data in order to generate feature engineering pipeline code.

A method of forming a vertical transistor includes forming a fin structure on a substrate, forming a gate structure on the fin structure, and forming a bottom source/drain (S/D) region on the fin structure, such that an air gap is formed between the bottom S/D region and the gate structure.

A method is provided that includes establishing, by an application server, a remote access session with a client device, and creating, by a file system agent running on the application server, a metadata-only virtual file system associated with the remote access session, wherein the virtual file system only comprises file metadata associated with a plurality of files residing in a local file system of the client device. The method further includes responsive to receiving, by the virtual file system, a request to access content of a file referenced by the virtual file system, redirecting the request to a file system driver implementing at least a sub-tree of the local file system of the client device.